Kaspersky ID:
KLA79485
Дата обнаружения:
04/02/2025
Обновлено:
25/03/2025

Описание

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, spoof user interface, obtain sensitive information, cause denial of service, perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

  1. Memory safety vulnerability can be exploited to execute arbitrary code.
  2. Security vulnerability in can be exploited to bypass security restrictions.
  3. Security UI vulnerability can be exploited to spoof user interface.
  4. Information disclosure vulnerability can be exploited to obtain sensitive information.
  5. Use after free vulnerability in XSLT can be exploited to cause denial of service or execute arbitrary code.
  6. Use after free vulnerability can be exploited to cause denial of service or execute arbitrary code.
  7. Cross-site scripting (XSS) vulnerability can be exploited to perform cross-site scripting attack.
  8. Use after free vulnerability in Custom Highlight can be exploited to cause denial of service or execute arbitrary code.
  9. A remote code execution vulnerability in Microsoft Excel can be exploited remotely to execute arbitrary code.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2025-1014
    critical
  • CVE-2025-0510
    high
  • CVE-2025-1017
    critical
  • CVE-2025-1013
    high
  • CVE-2025-1009
    critical
  • CVE-2025-1012
    critical
  • CVE-2025-1015
    high
  • CVE-2025-1016
    critical
  • CVE-2025-1010
    critical
  • CVE-2025-1011
    critical
  • CVE-2025-1020
    critical
  • CVE-2025-1019
    warning
  • CVE-2025-1018
    high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.